Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-8428 (GCVE-0-2020-8428)
Vulnerability from cvelistv5 – Published: 2020-01-28 23:43 – Updated: 2024-08-04 09:56
VLAI?
EPSS
Summary
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "openSUSE-SU-2020:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4320-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"name": "USN-4318-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "USN-4324-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"name": "USN-4325-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"name": "USN-4319-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"name": "DSA-4667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T19:06:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "openSUSE-SU-2020:0336",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4320-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"name": "USN-4318-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "USN-4324-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"name": "USN-4325-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"name": "USN-4319-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"name": "DSA-4667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/01/28/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"name": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "openSUSE-SU-2020:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4320-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"name": "USN-4318-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "USN-4324-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"name": "USN-4325-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"name": "USN-4319-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"name": "DSA-4667",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8428",
"datePublished": "2020-01-28T23:43:41.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:28.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8428
Vulnerability from fstec - Published: 26.01.2020
VLAI Severity ?
Title
Уязвимость функции fs/namei.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции fs/namei.c ядра операционной системы Linux связана с использованием памяти после освобождения. Эксплуатация может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Canonical Ltd., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Novell Inc., АО «Концерн ВНИИНС», ООО «Открытая мобильная платформа»
Software Name
Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, SUSE Linux Enterprise, OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Linux, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ОС Аврора (запись в едином реестре российских программ №1543)
Software Version
14.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), от 4.4.166 до 4.4.211 включительно (Linux), от 4.9.142 до 4.9.211 включительно (Linux), от 4.14.85 до 4.14.168 включительно (Linux), от 4.19.0 до 4.19.99 включительно (Linux), от 4.20 до 5.4.15 включительно (Linux), до 16.01.2023 (ОС ОН «Стрелец»), до 5.1.5 включительно (ОС Аврора)
Possible Mitigations
Использование рекомендаций:
Для linux:
Обновление программного обеспечения до 5.7.6-1 или более поздней версии
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.168
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.169
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.100
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.99
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.211
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.212
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.211
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.212
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2020-8428/
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
Для Debian:
Обновление программного обеспечения (пакета linux) до 5.7.6-1 или более поздней версии
https://www.debian.org/security/2020/dsa-4667
https://www.debian.org/security/2020/dsa-4698
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
Для Ubuntu:
https://usn.ubuntu.com/4318-1/
https://usn.ubuntu.com/4319-1/
https://usn.ubuntu.com/4320-1/
https://usn.ubuntu.com/4324-1/
https://usn.ubuntu.com/4325-1/
Для Astra Linux:
Обновление программного обеспечения (пакета linux) до 5.7.6-1 или более поздней версии
Для ОС ОН «Стрелец»:
Обновление программного обеспечения linux до версии 5.4.123-1~bpo10+1.osnova162.strelets
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
Для ОС Аврора: https://cve.omp.ru/bb30515
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html
http://www.openwall.com/lists/oss-security/2020/01/28/4
http://www.openwall.com/lists/oss-security/2020/02/02/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8428
https://cxsecurity.com/cveshow/CVE-2020-8428/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.168
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.169
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.100
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.99
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.211
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.212
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.211
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.212
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8428
https://security.netapp.com/advisory/ntap-20200313-0003/
https://security-tracker.debian.org/tracker/CVE-2020-8428
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://syzkaller.appspot.com/bug?extid=190005201ced78a74ad6
https://ubuntu.com/security/notices/USN-4318-1
https://ubuntu.com/security/notices/USN-4319-1
https://ubuntu.com/security/notices/USN-4320-1
https://ubuntu.com/security/notices/USN-4324-1
https://ubuntu.com/security/notices/USN-4325-1
https://usn.ubuntu.com/4318-1/
https://usn.ubuntu.com/4319-1/
https://usn.ubuntu.com/4320-1/
https://usn.ubuntu.com/4324-1/
https://usn.ubuntu.com/4325-1/
https://usn.ubuntu.com/lsn/0065-1/
https://usn.ubuntu.com/usn/usn-4318-1
https://usn.ubuntu.com/usn/usn-4319-1
https://usn.ubuntu.com/usn/usn-4320-1
https://usn.ubuntu.com/usn/usn-4324-1
https://usn.ubuntu.com/usn/usn-4325-1
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
https://www.cve.org/CVERecord?id=CVE-2020-8428
https://www.debian.org/security/2020/dsa-4667
https://www.debian.org/security/2020/dsa-4698
https://www.openwall.com/lists/oss-security/2020/01/28/2
https://www.openwall.com/lists/oss-security/2020/01/28/4
https://www.openwall.com/lists/oss-security/2020/02/02/1
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
https://cve.omp.ru/bb30515
CWE
CWE-416
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), High Performance Computing 12 (SUSE Linux Enterprise), Module for Basesystem 15 GA (SUSE Linux Enterprise), Server 12 SP4 (SUSE Linux Enterprise), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), Module for Basesystem 15 SP1 (SUSE Linux Enterprise), Module for Development Tools 15 GA (SUSE Linux Enterprise), Module for Development Tools 15 SP1 (SUSE Linux Enterprise), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), \u043e\u0442 4.4.166 \u0434\u043e 4.4.211 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.9.142 \u0434\u043e 4.9.211 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.14.85 \u0434\u043e 4.14.168 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.19.0 \u0434\u043e 4.19.99 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 5.7.6-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.168\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.169\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.100\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.99\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.211\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.212\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.211\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.212\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2020-8428/\nhttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 5.7.6-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\nhttps://www.debian.org/security/2020/dsa-4667\t\nhttps://www.debian.org/security/2020/dsa-4698\nhttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.html\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4318-1/\t\nhttps://usn.ubuntu.com/4319-1/\t\nhttps://usn.ubuntu.com/4320-1/\t\nhttps://usn.ubuntu.com/4324-1/\t\nhttps://usn.ubuntu.com/4325-1/\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 5.7.6-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.4.123-1~bpo10+1.osnova162.strelets\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb30515",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.01.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.03.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-00850",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-8428",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, SUSE Linux Enterprise, OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Linux, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. SUSE Linux Enterprise High Performance Computing 12 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 GA , Novell Inc. SUSE Linux Enterprise Server 12 SP4 , Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. SUSE Linux Enterprise Module for Basesystem 15 SP1 , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 GA , Novell Inc. SUSE Linux Enterprise Module for Development Tools 15 SP1 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.4.166 \u0434\u043e 4.4.211 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.9.142 \u0434\u043e 4.9.211 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.14.85 \u0434\u043e 4.14.168 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.19.0 \u0434\u043e 4.19.99 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20 \u0434\u043e 5.4.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 fs/namei.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 fs/namei.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html\nhttp://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html\nhttp://www.openwall.com/lists/oss-security/2020/01/28/4\nhttp://www.openwall.com/lists/oss-security/2020/02/02/1\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8428\nhttps://cxsecurity.com/cveshow/CVE-2020-8428/\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6\nhttps://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.168\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.169\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.100\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.99\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.211\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.212\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.211\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.212\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.16\nhttps://lists.debian.org/debian-lts-announce/2020/06/msg00012.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8428\nhttps://security.netapp.com/advisory/ntap-20200313-0003/\nhttps://security-tracker.debian.org/tracker/CVE-2020-8428\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://syzkaller.appspot.com/bug?extid=190005201ced78a74ad6\nhttps://ubuntu.com/security/notices/USN-4318-1\nhttps://ubuntu.com/security/notices/USN-4319-1\nhttps://ubuntu.com/security/notices/USN-4320-1\nhttps://ubuntu.com/security/notices/USN-4324-1\nhttps://ubuntu.com/security/notices/USN-4325-1\nhttps://usn.ubuntu.com/4318-1/\nhttps://usn.ubuntu.com/4319-1/\nhttps://usn.ubuntu.com/4320-1/\nhttps://usn.ubuntu.com/4324-1/\nhttps://usn.ubuntu.com/4325-1/\nhttps://usn.ubuntu.com/lsn/0065-1/\nhttps://usn.ubuntu.com/usn/usn-4318-1\nhttps://usn.ubuntu.com/usn/usn-4319-1\nhttps://usn.ubuntu.com/usn/usn-4320-1\nhttps://usn.ubuntu.com/usn/usn-4324-1\nhttps://usn.ubuntu.com/usn/usn-4325-1\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://www.cve.org/CVERecord?id=CVE-2020-8428\nhttps://www.debian.org/security/2020/dsa-4667\nhttps://www.debian.org/security/2020/dsa-4698\nhttps://www.openwall.com/lists/oss-security/2020/01/28/2\nhttps://www.openwall.com/lists/oss-security/2020/01/28/4\nhttps://www.openwall.com/lists/oss-security/2020/02/02/1\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81\nhttps://cve.omp.ru/bb30515",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
CERTFR-2020-AVI-124
Vulnerability from certfr_avis - Published: 2020-03-04 - Updated: 2020-03-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19533"
},
{
"name": "CVE-2019-19036",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19036"
},
{
"name": "CVE-2019-19966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19966"
},
{
"name": "CVE-2020-8992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8992"
},
{
"name": "CVE-2019-19526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
},
{
"name": "CVE-2019-19927",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19927"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2019-15213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15213"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2019-19045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19045"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19318",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19318"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-19051",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19051"
},
{
"name": "CVE-2019-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
},
{
"name": "CVE-2019-19066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19066"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2019-19054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19054"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20096"
},
{
"name": "CVE-2019-14897",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14897"
},
{
"name": "CVE-2019-19965",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19965"
},
{
"name": "CVE-2019-19535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19535"
}
],
"initial_release_date": "2020-03-04T00:00:00",
"last_revision_date": "2020-03-04T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-124",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200558-1 du 02 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200558-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200560-1 du 02 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200560-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200559-1 du 02 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200559-1/"
}
]
}
CERTFR-2020-AVI-148
Vulnerability from certfr_avis - Published: 2020-03-12 - Updated: 2020-03-13
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19082"
},
{
"name": "CVE-2019-19533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19533"
},
{
"name": "CVE-2019-19529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19529"
},
{
"name": "CVE-2019-18809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18809"
},
{
"name": "CVE-2019-19036",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19036"
},
{
"name": "CVE-2019-19966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19966"
},
{
"name": "CVE-2019-19227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19227"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2020-8992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8992"
},
{
"name": "CVE-2019-19073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19073"
},
{
"name": "CVE-2019-19543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19543"
},
{
"name": "CVE-2019-19526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
},
{
"name": "CVE-2019-19927",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19927"
},
{
"name": "CVE-2019-19060",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19060"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2019-19536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19536"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2019-18683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18683"
},
{
"name": "CVE-2019-15213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15213"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19078",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19078"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2019-19083",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19083"
},
{
"name": "CVE-2019-19052",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19052"
},
{
"name": "CVE-2019-19045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19045"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-19049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19049"
},
{
"name": "CVE-2019-19077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19077"
},
{
"name": "CVE-2019-19067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19067"
},
{
"name": "CVE-2019-19080",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19080"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19057"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19528",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19528"
},
{
"name": "CVE-2019-19056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19056"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-19318",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19318"
},
{
"name": "CVE-2019-19525",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19525"
},
{
"name": "CVE-2019-19075",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19075"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-19051",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19051"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
},
{
"name": "CVE-2019-19068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19068"
},
{
"name": "CVE-2019-19081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19081"
},
{
"name": "CVE-2019-19066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19066"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2019-19054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19054"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-19065",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19065"
},
{
"name": "CVE-2019-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20096"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19074",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19074"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-14897",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14897"
},
{
"name": "CVE-2019-19965",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19965"
},
{
"name": "CVE-2019-19531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19531"
},
{
"name": "CVE-2019-19535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19535"
}
],
"initial_release_date": "2020-03-12T00:00:00",
"last_revision_date": "2020-03-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200649-1 du 13 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200667-1/"
}
],
"reference": "CERTFR-2020-AVI-148",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-12T00:00:00.000000"
},
{
"description": "Ajout du bulletin de deux bulletins de s\u00e9curit\u00e9",
"revision_date": "2020-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200649-1 du 12 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200649-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200667-1 du 13 mars 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200605-1 du 06 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200605-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200613-1 du 09 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200613-1/"
}
]
}
CERTFR-2020-AVI-119
Vulnerability from certfr_avis - Published: 2020-02-28 - Updated: 2020-02-28
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19533"
},
{
"name": "CVE-2019-19036",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19036"
},
{
"name": "CVE-2019-19966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19966"
},
{
"name": "CVE-2020-8992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8992"
},
{
"name": "CVE-2019-19526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
},
{
"name": "CVE-2019-19927",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19927"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2019-19045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19045"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19318",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19318"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-19051",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19051"
},
{
"name": "CVE-2019-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
},
{
"name": "CVE-2019-19066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19066"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2019-19054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19054"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20096"
},
{
"name": "CVE-2019-14897",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14897"
},
{
"name": "CVE-2019-19965",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19965"
},
{
"name": "CVE-2019-19535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19535"
}
],
"initial_release_date": "2020-02-28T00:00:00",
"last_revision_date": "2020-02-28T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-119",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200511-1 du 27 f\u00e9vrier 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200511-1/"
}
]
}
CERTFR-2020-AVI-331
Vulnerability from certfr_avis - Published: 2020-06-02 - Updated: 2020-06-02
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android toutes versions sans le correctif de s\u00e9curit\u00e9 du 01 juin 2020",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0197",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0197"
},
{
"name": "CVE-2020-0176",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0176"
},
{
"name": "CVE-2019-13135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13135"
},
{
"name": "CVE-2020-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0165"
},
{
"name": "CVE-2020-0120",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0120"
},
{
"name": "CVE-2019-19529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19529"
},
{
"name": "CVE-2020-0137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0137"
},
{
"name": "CVE-2020-0206",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0206"
},
{
"name": "CVE-2020-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0216"
},
{
"name": "CVE-2020-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0204"
},
{
"name": "CVE-2020-0177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0177"
},
{
"name": "CVE-2020-0194",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0194"
},
{
"name": "CVE-2020-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0095"
},
{
"name": "CVE-2020-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3660"
},
{
"name": "CVE-2020-0212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0212"
},
{
"name": "CVE-2020-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3658"
},
{
"name": "CVE-2020-0153",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0153"
},
{
"name": "CVE-2020-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0211"
},
{
"name": "CVE-2020-0234",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0234"
},
{
"name": "CVE-2020-3661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3661"
},
{
"name": "CVE-2020-0199",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0199"
},
{
"name": "CVE-2020-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0210"
},
{
"name": "CVE-2020-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0161"
},
{
"name": "CVE-2017-9704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9704"
},
{
"name": "CVE-2020-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0168"
},
{
"name": "CVE-2019-10501",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10501"
},
{
"name": "CVE-2019-19543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19543"
},
{
"name": "CVE-2019-10626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10626"
},
{
"name": "CVE-2020-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0144"
},
{
"name": "CVE-2020-0233",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0233"
},
{
"name": "CVE-2020-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0160"
},
{
"name": "CVE-2019-19526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
},
{
"name": "CVE-2020-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0187"
},
{
"name": "CVE-2020-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0167"
},
{
"name": "CVE-2020-0118",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0118"
},
{
"name": "CVE-2020-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0179"
},
{
"name": "CVE-2020-3614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3614"
},
{
"name": "CVE-2020-0145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0145"
},
{
"name": "CVE-2020-0171",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0171"
},
{
"name": "CVE-2020-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3642"
},
{
"name": "CVE-2020-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0151"
},
{
"name": "CVE-2020-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0185"
},
{
"name": "CVE-2020-0115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0115"
},
{
"name": "CVE-2020-0147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0147"
},
{
"name": "CVE-2020-0113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0113"
},
{
"name": "CVE-2019-19071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19071"
},
{
"name": "CVE-2020-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0141"
},
{
"name": "CVE-2019-18683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18683"
},
{
"name": "CVE-2020-0133",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0133"
},
{
"name": "CVE-2020-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0140"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2020-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0131"
},
{
"name": "CVE-2020-3662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3662"
},
{
"name": "CVE-2020-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0139"
},
{
"name": "CVE-2020-0143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0143"
},
{
"name": "CVE-2020-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0136"
},
{
"name": "CVE-2020-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0169"
},
{
"name": "CVE-2020-0186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0186"
},
{
"name": "CVE-2020-0132",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0132"
},
{
"name": "CVE-2020-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0149"
},
{
"name": "CVE-2019-2219",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2219"
},
{
"name": "CVE-2020-0172",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0172"
},
{
"name": "CVE-2020-0156",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0156"
},
{
"name": "CVE-2020-0158",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0158"
},
{
"name": "CVE-2020-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3676"
},
{
"name": "CVE-2020-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0124"
},
{
"name": "CVE-2020-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0203"
},
{
"name": "CVE-2020-0142",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0142"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2020-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3635"
},
{
"name": "CVE-2020-0232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0232"
},
{
"name": "CVE-2020-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0116"
},
{
"name": "CVE-2020-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0215"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2020-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0154"
},
{
"name": "CVE-2020-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0134"
},
{
"name": "CVE-2020-0164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0164"
},
{
"name": "CVE-2019-14080",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14080"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2020-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0155"
},
{
"name": "CVE-2020-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0217"
},
{
"name": "CVE-2020-0163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0163"
},
{
"name": "CVE-2020-0170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0170"
},
{
"name": "CVE-2020-0114",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0114"
},
{
"name": "CVE-2020-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0235"
},
{
"name": "CVE-2020-0191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0191"
},
{
"name": "CVE-2020-0188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0188"
},
{
"name": "CVE-2019-14092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14092"
},
{
"name": "CVE-2020-0127",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0127"
},
{
"name": "CVE-2020-0213",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0213"
},
{
"name": "CVE-2020-0196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0196"
},
{
"name": "CVE-2020-0193",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0193"
},
{
"name": "CVE-2020-0126",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0126"
},
{
"name": "CVE-2020-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0121"
},
{
"name": "CVE-2019-10597",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10597"
},
{
"name": "CVE-2019-14076",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14076"
},
{
"name": "CVE-2020-0181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0181"
},
{
"name": "CVE-2020-0135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0135"
},
{
"name": "CVE-2019-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14062"
},
{
"name": "CVE-2020-0183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0183"
},
{
"name": "CVE-2020-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0117"
},
{
"name": "CVE-2020-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3628"
},
{
"name": "CVE-2020-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0148"
},
{
"name": "CVE-2020-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0166"
},
{
"name": "CVE-2019-14073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14073"
},
{
"name": "CVE-2020-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0208"
},
{
"name": "CVE-2020-0162",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0162"
},
{
"name": "CVE-2019-14047",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14047"
},
{
"name": "CVE-2020-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0207"
},
{
"name": "CVE-2019-9460",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9460"
},
{
"name": "CVE-2020-0200",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0200"
},
{
"name": "CVE-2020-0190",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0190"
},
{
"name": "CVE-2019-14094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14094"
},
{
"name": "CVE-2020-0173",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0173"
},
{
"name": "CVE-2020-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0152"
},
{
"name": "CVE-2020-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0138"
},
{
"name": "CVE-2020-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0195"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0128"
},
{
"name": "CVE-2020-0219",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0219"
},
{
"name": "CVE-2020-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0184"
},
{
"name": "CVE-2020-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0223"
},
{
"name": "CVE-2020-0180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0180"
},
{
"name": "CVE-2020-0125",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0125"
},
{
"name": "CVE-2020-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0209"
},
{
"name": "CVE-2020-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0198"
},
{
"name": "CVE-2019-18786",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18786"
},
{
"name": "CVE-2020-0119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0119"
},
{
"name": "CVE-2020-0175",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0175"
},
{
"name": "CVE-2020-0129",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0129"
},
{
"name": "CVE-2020-8597",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8597"
},
{
"name": "CVE-2019-16275",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16275"
},
{
"name": "CVE-2020-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3665"
},
{
"name": "CVE-2020-0182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0182"
},
{
"name": "CVE-2020-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0205"
},
{
"name": "CVE-2020-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3626"
},
{
"name": "CVE-2020-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0192"
},
{
"name": "CVE-2019-14091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14091"
},
{
"name": "CVE-2020-0150",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0150"
},
{
"name": "CVE-2020-0189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0189"
},
{
"name": "CVE-2020-0178",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0178"
},
{
"name": "CVE-2020-0202",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0202"
},
{
"name": "CVE-2020-0157",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0157"
},
{
"name": "CVE-2020-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0146"
},
{
"name": "CVE-2020-3663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3663"
},
{
"name": "CVE-2020-0214",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0214"
},
{
"name": "CVE-2020-0174",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0174"
},
{
"name": "CVE-2020-0159",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0159"
},
{
"name": "CVE-2020-0218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0218"
},
{
"name": "CVE-2019-13136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13136"
},
{
"name": "CVE-2020-0201",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0201"
}
],
"initial_release_date": "2020-06-02T00:00:00",
"last_revision_date": "2020-06-02T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-331",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 01 juin 2020",
"url": "https://source.android.com/security/bulletin/2020-06-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 01 juin 2020",
"url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
}
]
}
CERTFR-2020-AVI-368
Vulnerability from certfr_avis - Published: 2020-06-11 - Updated: 2020-06-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Debian | N/A | Debian 8 "Jessie" avec un noyau Linux 4.x antérieur à 4.9.210-1+deb9u1~deb8u1 | ||
| Debian | N/A | Debian stretch avec un noyau Linux antérieur à 4.9.210-1+deb9u1 | ||
| Debian | N/A | Debian buster avec un noyau Linux antérieur à 4.19.118-2+deb10u1 | ||
| Debian | N/A | Debian 8 "Jessie" avec un noyau Linux antérieur à 3.16.84-1 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 8 \"Jessie\" avec un noyau Linux 4.x ant\u00e9rieur \u00e0 4.9.210-1+deb9u1~deb8u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian stretch avec un noyau Linux ant\u00e9rieur \u00e0 4.9.210-1+deb9u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian buster avec un noyau Linux ant\u00e9rieur \u00e0 4.19.118-2+deb10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian 8 \"Jessie\" avec un noyau Linux ant\u00e9rieur \u00e0 3.16.84-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-12464",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12464"
},
{
"name": "CVE-2020-11609",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11609"
},
{
"name": "CVE-2020-12114",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12114"
},
{
"name": "CVE-2020-10711",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10711"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12652"
},
{
"name": "CVE-2019-5108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5108"
},
{
"name": "CVE-2019-19462",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19462"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-11494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11494"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2019-20806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20806"
},
{
"name": "CVE-2018-14613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14613"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-11608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11608"
},
{
"name": "CVE-2020-12769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12769"
},
{
"name": "CVE-2020-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0009"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-13143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13143"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2018-14610",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14610"
},
{
"name": "CVE-2018-14612",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14612"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2019-3016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3016"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2020-12768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12768"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2018-14611",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14611"
},
{
"name": "CVE-2019-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2182"
},
{
"name": "CVE-2015-8839",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8839"
},
{
"name": "CVE-2019-19768",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19768"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
}
],
"initial_release_date": "2020-06-11T00:00:00",
"last_revision_date": "2020-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-368",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2241 du 10 juin 2020",
"url": "https://www.debian.org/lts/security/2020/dla-2241"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-2242 du 10 juin 2020",
"url": "https://www.debian.org/lts/security/2020/dla-2242"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-4698 du 09 juin 2020",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-4699 du 09 juin 2020",
"url": "https://www.debian.org/security/2020/dsa-4699"
}
]
}
CERTFR-2020-AVI-130
Vulnerability from certfr_avis - Published: 2020-03-06 - Updated: 2020-03-06
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19533"
},
{
"name": "CVE-2019-19529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19529"
},
{
"name": "CVE-2019-18809",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18809"
},
{
"name": "CVE-2019-19036",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19036"
},
{
"name": "CVE-2019-19966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19966"
},
{
"name": "CVE-2019-19227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19227"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2020-8992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8992"
},
{
"name": "CVE-2019-19073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19073"
},
{
"name": "CVE-2019-19543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19543"
},
{
"name": "CVE-2019-19526",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19526"
},
{
"name": "CVE-2019-19927",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19927"
},
{
"name": "CVE-2019-19060",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19060"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
},
{
"name": "CVE-2019-19319",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19319"
},
{
"name": "CVE-2019-19536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19536"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2019-18683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18683"
},
{
"name": "CVE-2019-15213",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15213"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2019-19052",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19052"
},
{
"name": "CVE-2019-19045",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19045"
},
{
"name": "CVE-2019-19049",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19049"
},
{
"name": "CVE-2019-19077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19077"
},
{
"name": "CVE-2019-19067",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19067"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19057"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19528",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19528"
},
{
"name": "CVE-2019-19056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19056"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-19318",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19318"
},
{
"name": "CVE-2019-19525",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19525"
},
{
"name": "CVE-2019-19075",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19075"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-19051",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19051"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-14615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
},
{
"name": "CVE-2019-19068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19068"
},
{
"name": "CVE-2019-19066",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19066"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2019-19054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19054"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-19065",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19065"
},
{
"name": "CVE-2019-20096",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20096"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19074",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19074"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-14897",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14897"
},
{
"name": "CVE-2019-19965",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19965"
},
{
"name": "CVE-2019-19531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19531"
},
{
"name": "CVE-2019-19535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19535"
}
],
"initial_release_date": "2020-03-06T00:00:00",
"last_revision_date": "2020-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-130",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200599-1 du 05 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200599-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200584-1 du 04 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200584-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20200580-1 du 04 mars 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200580-1/"
}
]
}
CERTFR-2020-AVI-191
Vulnerability from certfr_avis - Published: 2020-04-07 - Updated: 2020-04-08
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 19.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8992"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2020-8428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8428"
},
{
"name": "CVE-2020-8834",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8834"
}
],
"initial_release_date": "2020-04-07T00:00:00",
"last_revision_date": "2020-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-191",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-07T00:00:00.000000"
},
{
"description": "Ajout des avis de s\u00e9curit\u00e9 Ubuntu USN-4324-1 et USN-4325-1 du 07 avril 2020.",
"revision_date": "2020-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4325-1 du 07 avril 2020",
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4318-1 du 06 avril 2020",
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4319-1 du 06 avril 2020",
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4320-1 du 06 avril 2020",
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4324-1 du 07 avril 2020",
"url": "https://usn.ubuntu.com/4324-1/"
}
]
}
GSD-2020-8428
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-8428",
"description": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.",
"id": "GSD-2020-8428",
"references": [
"https://www.suse.com/security/cve/CVE-2020-8428.html",
"https://www.debian.org/security/2020/dsa-4698",
"https://www.debian.org/security/2020/dsa-4667",
"https://ubuntu.com/security/CVE-2020-8428",
"https://advisories.mageia.org/CVE-2020-8428.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-8428"
],
"details": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.",
"id": "GSD-2020-8428",
"modified": "2023-12-13T01:21:53.628512Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/01/28/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"name": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "openSUSE-SU-2020:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4320-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"name": "USN-4318-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "USN-4324-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"name": "USN-4325-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"name": "USN-4319-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"name": "DSA-4667",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
}
]
},
"source": {
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.5",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8428"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/01/28/2",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"name": "[oss-security] 20200129 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"name": "[oss-security] 20200202 Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "openSUSE-SU-2020:0336",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"name": "USN-4320-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"name": "USN-4318-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "USN-4324-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"name": "USN-4325-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"name": "USN-4319-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"name": "DSA-4667",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"tags": [],
"url": "https://www.debian.org/security/2020/dsa-4698"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2020-06-10T20:15Z",
"publishedDate": "2020-01-29T00:15Z"
}
}
}
FKIE_CVE-2020-8428
Vulnerability from fkie_nvd - Published: 2020-01-29 00:15 - Updated: 2024-11-21 05:38
Severity ?
Summary
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | ||
| cve@mitre.org | http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/01/28/4 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2020/02/02/1 | ||
| cve@mitre.org | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20200313-0003/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4318-1/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4319-1/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4320-1/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4324-1/ | ||
| cve@mitre.org | https://usn.ubuntu.com/4325-1/ | ||
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4667 | ||
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4698 | ||
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2020/01/28/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/01/28/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2020/02/02/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200313-0003/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4318-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4319-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4320-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4324-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4325-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4667 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2020/01/28/2 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904A2E19-D6CD-4C97-B8F4-1F179CC6956C",
"versionEndExcluding": "5.5",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed."
},
{
"lang": "es",
"value": "El archivo fs/namei.c en el kernel de Linux versiones anteriores a 5.5, presenta una vulnerabilidad de uso de la memoria previamente liberada en la funci\u00f3n may_create_in_sticky, que permite a usuarios locales causar una denegaci\u00f3n de servicio (OOPS) u obtener informaci\u00f3n confidencial de la memoria del kernel, tambi\u00e9n se conoce como CID-d0cb50185ae9. Un vector de ataque puede ser una llamada de sistema abierta para un socket del dominio UNIX, si el socket est\u00e1 siendo movido hacia un nuevo directorio padre y su antiguo directorio padre est\u00e1 siendo eliminado."
}
],
"id": "CVE-2020-8428",
"lastModified": "2024-11-21T05:38:50.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-29T00:15:10.953",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4318-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4319-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4320-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4324-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4325-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9X38-4G8C-26WP
Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-05-24 17:07
VLAI?
Details
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.
{
"affected": [],
"aliases": [
"CVE-2020-8428"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-29T00:15:00Z",
"severity": "LOW"
},
"details": "fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed.",
"id": "GHSA-9x38-4g8c-26wp",
"modified": "2022-05-24T17:07:43Z",
"published": "2022-05-24T17:07:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8428"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4318-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4319-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4320-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4324-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4325-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4667"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2020/01/28/2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/01/28/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/02/02/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
CNVD-2020-04836
Vulnerability from cnvd - Published: 2020-02-12
VLAI Severity ?
Title
Linux kernel may_create_in_sticky拒绝服务漏洞
Description
Linux kernel是一款开源的操作系统。
Linux kernel fs/namei.c may_create_in_sticky存在释放后使用漏洞,本地攻击者可利用该漏洞提交特殊的请求,可使系统崩溃。
Severity
中
Patch Name
Linux kernel may_create_in_sticky拒绝服务漏洞的补丁
Patch Description
Linux kernel是一款开源的操作系统。
Linux kernel fs/namei.c may_create_in_sticky存在释放后使用漏洞,本地攻击者可利用该漏洞提交特殊的请求,可使系统崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6
Reference
http://www.openwall.com/lists/oss-security/2020/01/28/4
Impacted products
| Name | Linux Kernel < 5.5 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-8428",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8428"
}
},
"description": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nLinux kernel fs/namei.c may_create_in_sticky\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4f7f\u7cfb\u7edf\u5d29\u6e83\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d0cb50185ae942b03c4327be322055d622dc79f6",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-04836",
"openTime": "2020-02-12",
"patchDescription": "Linux kernel\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nLinux kernel fs/namei.c may_create_in_sticky\u5b58\u5728\u91ca\u653e\u540e\u4f7f\u7528\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4f7f\u7cfb\u7edf\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel may_create_in_sticky\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Linux Kernel \u003c 5.5"
},
"referenceLink": "http://www.openwall.com/lists/oss-security/2020/01/28/4",
"serverity": "\u4e2d",
"submitTime": "2020-02-04",
"title": "Linux kernel may_create_in_sticky\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…